GDPR - Performance Reviews Data Deletion and Anonymization
When a user leaves a Legal Entity organizational unit (OU) and requests to be forgotten OR that user’s data is outside of the data retention period, performance reviews are impacted in the following ways:
- Reviewee - If the user is a reviewee, the user's performance review and any underlying Form Sections are deleted.
- Reviewer - If the user is a reviewer, the user's core data such as First Name and Last Name are anonymized, such as in areas of the performance review PDF. That is, the reviewee's scores and comments remain intact, but any references to the reviewer are anonymized. This includes if the reviewer is a peer reviewer or a co-planner.
- Sign-off Section - In the Sign-off section, the review's signature is anonymized.
- Administrator - If the user is an administrator, the user's core data such as First Name and Last Name are anonymized throughout Performance Review Task Administration.
When a data deletion request is made based on time, the performance review task end date is used to determine when the data is deleted or anonymized.